8x48/KnowStreaming
1
0
Fork 0
mirror of https://github.com/didi/KnowStreaming.git synced 2026-01-12 02:54:59 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

optimize ldap

Browse Source
This commit is contained in:
zengqiao
2021-03-10 13:52:09 +08:00
parent d5db028f57
commit 67c37a0984
2 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
View File

@@ -2,6 +2,7 @@ package com.xiaojukeji.kafka.manager.account.component.sso;
import com.xiaojukeji.kafka.manager.account.AccountService; import com.xiaojukeji.kafka.manager.account.AccountService;
import com.xiaojukeji.kafka.manager.account.component.AbstractSingleSignOn; import com.xiaojukeji.kafka.manager.account.component.AbstractSingleSignOn;
import com.xiaojukeji.kafka.manager.common.bizenum.AccountRoleEnum;
import com.xiaojukeji.kafka.manager.common.constant.LoginConstant; import com.xiaojukeji.kafka.manager.common.constant.LoginConstant;
import com.xiaojukeji.kafka.manager.common.entity.Result; import com.xiaojukeji.kafka.manager.common.entity.Result;
import com.xiaojukeji.kafka.manager.common.entity.ResultStatus; import com.xiaojukeji.kafka.manager.common.entity.ResultStatus;
@@ -33,6 +34,14 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
@Value(value = "${account.ldap.enabled:}") @Value(value = "${account.ldap.enabled:}")
private Boolean accountLdapEnabled; private Boolean accountLdapEnabled;
//ldap自动注册的默认角色。请注意它通常来说都是低权限角色
@Value(value = "${account.ldap.auth-user-registration-role:}")
private String authUserRegistrationRole;
//ldap自动注册是否开启
@Value(value = "${account.ldap.auth-user-registration:}")
private boolean authUserRegistration;
@Override @Override
public Result<String> loginAndGetLdap(HttpServletRequest request, HttpServletResponse response, LoginDTO dto) { public Result<String> loginAndGetLdap(HttpServletRequest request, HttpServletResponse response, LoginDTO dto) {
if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) { if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) {
@@ -47,6 +56,16 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){ if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){
return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED); return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED);
} }
if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){
//自动注册
AccountDO accountDO = new AccountDO();
accountDO.setUsername(dto.getUsername());
accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole());
accountDO.setPassword(dto.getPassword());
accountService.createAccount(accountDO);
}
return Result.buildSuc(dto.getUsername()); return Result.buildSuc(dto.getUsername());
} }

2
kafka-manager-web/src/main/resources/application.yml
View File

@@ -58,6 +58,8 @@ account:
authentication: simple authentication: simple
principal: cn=admin,dc=tsign,dc=cn principal: cn=admin,dc=tsign,dc=cn
credentials: admin credentials: admin
auth-user-registration: true
auth-user-registration-role: normal
kcm: kcm:
enabled: false enabled: false